ARTICLE SEARCH
Threat Feed Query
Search all aggregated security articles by keywords, CVE IDs and sources.
Hackers Compromising Developers with Malicious VS Code, Cursor AI Extensions
The developer tools used by millions of programmers worldwide have become a prime target for attackers seeking to compromise entire organizations. Visual Studio Code and AI-powered IDEs like Cursor AI, when combined with
Critical WatchGuard Firebox Vulnerabilities Let Attackers Bypass Integrity Checks and Inject Malicious Codes
Critical security alerts have been issued for Firebox firewall devices due to ten serious vulnerabilities. The vulnerabilities in WatchGuard, disclosed on December 4, 2025, span multiple severity levels and attack vector
Critical Apache Tika Vulnerability Leads to XXE Injection
The bug allows attackers to carry out XML External Entity (XXE) injection attacks via crafted XFA files inside PDF files. The post Critical Apache Tika Vulnerability Leads to XXE Injection appeared first on SecurityWeek.
Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks
A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence. The remote code execution vulnerability in question is CVE-2025-6389 (CVSS score: 9.
Next.js Released a Scanner to Detect and Update Apps Impacted by React2Shell Vulnerability
A dedicated command-line tool, fix-react2shell-next, has been released to help developers immediately detect and patch the critical “React2Shell” vulnerability (CVE-2025-66478). This new scanner offers a one-line solution to identify vuln
Critical Vulnerabilities in GitHub Copilot, Gemini CLI, Claude, and Other Tools Impact Millions of Users
The software development landscape has been fundamentally altered by AI-driven integrated development environments (IDEs). Tools like GitHub Copilot, Gemini CLI, and Claude Code have evolved from simple autocompletion en
Critical React2Shell RCE Vulnerability Exploited in the Wild to Execute Malicious Code
A critical remote code execution vulnerability, tracked as CVE-2025-55182 and dubbed “React2Shell,” is now under active exploitation in the wild. GreyNoise researchers have detected opportunistic, largely automated explo
React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable
Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already compromised over 30 organizati
Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV) catalog following re
Researchers Hack Google’s Gemini CLI Through Prompt Injections in GitHub Actions
A critical vulnerability class dubbed “PromptPwnd” affects AI agents integrated into GitHub Actions and GitLab CI/CD pipelines. This flaw allows attackers to inject malicious prompts via untrusted user inputs like issue
2.15M Web Services Running Next.js Exposed Over Internet, Active Exploitation Underway – Patch Now
A critical unauthenticated remote code execution vulnerability dubbed “React2Shell” is actively being exploited in the wild, putting millions of web services at risk. On December 3, React disclosed CVE-2025-55182, a crit
CVE-2025-66516
Currently trending CVE - Hype Score: 11 - Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML Exte
CVE-2025-66562 - TUUI vulnerable to Remote Code Execution (RCE) via XSS in Markdown ECharts Rendering
CVE ID : CVE-2025-66562 Published : Dec. 5, 2025, 6:15 p.m. | 33 minutes ago Description : TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch
A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack. The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on the CVSS scoring scale, indica
Cloudflare Outage Traced to Emergency React2Shell Patch Deployment
Cloudflare’s global network suffered a brief but widespread disruption this morning, lasting approximately 25 minutes, due to an internal change in its Web Application Firewall (WAF) designed to counter a critical vulner
Cloudflare Outage Caused by React2Shell Mitigations
The critical React vulnerability has been exploited in the wild by Chinese and other threat actors. The post Cloudflare Outage Caused by React2Shell Mitigations appeared first on SecurityWeek.
Critical Apache Tika Core Vulnerability Exploited by Uploading Malicious PDF
A critical security vulnerability in Apache Tika has been discovered that allows attackers to compromise systems by uploading specially crafted PDF files. Organizations worldwide are urged to patch immediately. Apache Ti
Cloudflare blames today's outage on emergency React2Shell patch
Cloudflare has blamed today's outage on the emergency patching of a critical React remote code execution vulnerability, which is now actively exploited in attacks. [...]
Cyber teams on alert as React2Shell exploitation spreads
A remote code execution (RCE) vulnerability in the React JavaScript library (https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components), wh
React2Shell critical flaw actively exploited in China-linked attacks
Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and Next.js just hours after the max-severity issue was disclosed. [...]